On June 6, 2017, Rosewood Hotel Group was informed by its hotel reservations service provider, Sabre Hospitality Solutions (“Sabre”), that an unauthorized party had gained access to one of Sabre’s systems that permitted access to certain guest information for some reservations made between November 3, 2016 and March 9, 2017 at hotels managed by Rosewood Hotel Group, including Rosewood Hotels & Resorts, New World Hotels & Resorts and pentahotels. The incident occurred on Sabre’s systems and none of Rosewood Hotel Group’s systems were affected.

The unauthorized party was able to access payment card information for some hotel reservations at Rosewood Hotel Group affected properties, including cardholder name, payment card number, card expiration date, and potentially card security code. In some cases, the unauthorized party also was able to access guest name, email, phone number, address, and other information. Information such as Social Security, passport, and driver’s license number was not accessed.

Sabre’s investigation found that the unauthorized party first obtained access to Rosewood Hotel Group-related payment card and other reservation information on November 3, 2016. The last access to this information by the unauthorized party was on March 9, 2017. Sabre has indicated that they have been investigating the incident and have engaged a leading cybersecurity firm. Law enforcement has also been notified. Sabre has told Rosewood Hotel Group that they have taken steps to help prevent further unauthorized access to reservation records. Rosewood Hotel Group is working with Sabre to address this issue and are notifying guests whose reservations have been accessed.

Rosewood Hotel Group recommends that affected individuals remain vigilant for incidents of fraud and identity theft by regularly reviewing account statements and monitoring free credit reports for any unauthorized activity. If there is any suspicious or unusual activity, affected individuals should report it immediately to their financial institutions, as the major credit card companies have rules that restrict them from requiring payment for fraudulent charges that are reported timely.

Further information for guests, including a list of the properties affected and dates of exposure for each affected property, can be found online using the following links: